All of our products are subject to U.S. export control laws and applicable foreign government import, export and/or use
requirements. The level of control generally depends on the nature of the goods and services in question. For example, the level of control is affected by the nature
of the software and encryption incorporated into our products. Where controls apply, the export of our products may require an export license or authorization or
that the transaction qualify for a license exception or the equivalent, and may also be subject to corresponding reporting requirements. For the export of some of our
products, we may be subject to various post-shipment reporting requirements. Minimal U.S. export restrictions apply to all of our products, whether or not they
perform encryption functions. Additionally, because we are a Department of Defense contractor, there are certain registration requirements that may be triggered by
our sales. In addition, certain of our items and/or transactions may be subject to the International Traffic in Arms Regulations (ITAR) if our software or services are
specifically designed or modified for defense purposes. Companies engaged in manufacturing or exporting ITAR-controlled goods and services (even if these
companies do not export such items) are required to register with the U.S. State Department.

Enhancements to existing products may, and new products will, be subject to review under the Export Administration Act to determine what export
classification they will receive. In light of the ongoing discussions regarding anti-terrorism legislation in the U.S. Congress, there continues to be discussions
regarding the correct level of export control. Export regulations may be modified at any time. Modifications to the export regulations could reduce or eliminate our
ability to export some or all of our products from the U.S. without a license in the future, which could put us at a disadvantage in competing for international sales
compared to companies located outside of the U.S. that would not be subject to these restrictions. Modifications to the export regulations could prevent us from
exporting our existing and future products in an unrestricted manner without a license or make it more difficult to receive the desired classification. If export
regulations were to be modified in such a way, we may be put at a competitive disadvantage with respect to selling our products internationally. We are working on
enhancing our systems to address the impact of these regulations on our products and services and understand the need to comply. We will complete technical
reviews on any new products that we acquire or develop that may be subject to the requirements before we can export them.

Secure FTP Server has been classified as CCATS #G042680 and #G024963, under ECCN 5D002 of the Commerce Control List, and is eligible for export to almost all foreign destinations without an export license under authority of license exception ENC.

EFT has been classified as CCATS #G039017, under ECCN 5D002 of the Commerce Control List, and is eligible for export to almost all foreign destinations without an export license under authority of license exception ENC.

CuteFTP has been classified as CCATS #G019473, and #G024963, under ECCN 5D002 of the Commerce Control List, and is eligible for export to almost all foreign destinations without an export license under authority of license exception ENC.

These products have been classified as an "unrestricted" encryption item (formerly a "retail encryption item") under section 740.17(b)(3) of the Export Administration Regulations, and, as such, are eligible for export to governmental and non-government end-users in all eligible countries. They may not be exported to any country that is embargoed by, or has been designated as a terrorist supporting country by, the U.S. Government. Those restricted countries currently include Cuba, Iran, Libya, North Korea, Sudan, and Syria.

*The "Entity List" is a PDF of names of certain foreign persons—including businesses, research institutions, government and private organizations, individuals, and other types of legal persons—that are subject to specific license requirements for the export, reexport, and/or transfer (in-country) of specified items.

Update March 21, 2016: EFT was awarded CCATS G039017 on November 18, 2004. No Encryption Registration Number (ERN) was assigned at that time, as ERNs were only made available through the BIS after 2010 through the self-classification system. According to 740.17(f)(1), products that were classified by CCATS as ECCN 5D002 do not require re-classification or regular reports due to the grandfathering clause. As such, EFT’s CCATS can still be used and no further reporting or reclassification is needed, provided nothing is changed that would affect License Exception ENC eligibility of the originally classified product (meaning it can still be classified as 5D002 or 5D992). In summary, our License Exception ENC is still in effect and thus no re-classification or reporting is due (for these or other products that went through the CCATS process prior to June 25, 2010).